From changes in IIS 6.0 to addressing buffer overrun issues, from support for new hashing algorithms to the numerous improvements in IPSec and EFS, Windows .NET is a major philosophy overhaul, and its effects are going to be felt throughout the computing industry. Security expert Zubair Alexander gives an overview of security enhancements in Windows .NET Server. This includes discussions of Microsoft's Trustworthy Computing initiative and how Microsoft has revamped its philosophy about securing the Windows .NET framework.

Zubair Alexander is the author of Microsoft ISA Server 2000. He specializes in design, implementation, and engineering of enterprise network services. For more information on all of his publications, visit his Web site at www.techgalaxy.net.

From the author of

From the author of

What's hot these days in the tech industry? Well, Microsoft's .NET
initiative, and, of course, security. Bill Gates and Microsoft Corporation have
considerable interest in assuring consumers that Microsoft Windows is a secure
platform, and that Microsoft is doing everything possible to enhance security in
Microsoft products. Of course, as InfoWorld points out, "In the
world of IT, giggling usually follows mention of 'Microsoft' and
'security' in the same sentence. That may change, however, following
the release of a whitepaper by independent security consultancy Foundstone, in
Irvine, Calif., on the security of Microsoft's .Net Framework." (Check
out the
whitepaper
by Foundstone, Inc., an independent security assessment firm that logged more
than 2,800 hours reviewing the security architecture of Microsoft .NET
Framework.)

With the release of each new version of Windows server operating system, you
justifiably expect the security to be enhanced over the previous version.
Windows .NET is no exception. This article examines the security updates to
Windows .NET Server. The security improvements discussed in this article are
based on Windows .NET beta 3. Of course, don't be too surprised if
Microsoft decides to add or remove some of these features by the time the
product is released. After all, .NET Server is still in beta phase; based on
previous experiences, some of the code may change in the released version.

Let's begin by looking at some of the areas on which Microsoft is
focusing in Windows .NET Server. This is by no means a complete listing of all
the security changes, but this overview will give you a pretty good idea of the
direction in which Microsoft is headed.